Password protection

Ever wanted a specific directory in your site to be available only to
people who you want it to be available to? Ever got frustrated with the
seeming holes in client-side options for this that allowed virtually
anyone with enough skill to mess around in your source to get in? htaccess
is the answer!

There are numerous methods to password protecting areas of your site,
some server language based (such as ASP, PHP or PERL) and client side
based, such as JavaScript. JavaScript is not as secure or foolproof as a
server-side option, a server side challenge/response is always more secure
than a client dependant challenge/response. htaccess is about as secure as
you can or need to get in everyday life, though there are ways above and
beyond even that of htaccess. If you aren't comfortable enough with
htaccess, you can password protect your pages any number of ways, and
JavaScript Kit has plenty of
password protection scripts for your use.

The first thing you will need to do is create a file called
.htpasswd. I know, you might have problems with the naming
convention, but it is the same idea behind naming the htaccess file
itself, and you should be able to do that by this point. In the htpasswd
file, you place the username and password (which is encrypted) for those
whom you want to have access.

For example, a username and password of wsabstract
(and I do not recommend having the username being the same as the
password), the htpasswd file would look like this:

wsabstract:y4E7Ep8e7EYV

Notice that it is UserName first, followed by the Password. There is a
handy-dandy tool available for you to easily encrypt the password into
the proper encoding for use in the httpasswd file.

For security, you should not upload the htpasswd file to a directory
that is web accessible (yoursite.com/.htpasswd), it should be placed
above
your www root directory. You'll be specifying the location to it later on,
so be sure you know where you put it. Also, this file, as with htaccess,
should be uploaded as ASCII and not BINARY.

The first line is the full server path to your htpasswd file. If you
have installed scripts on your server, you should be familiar with this.
Please note that this is not a URL, this is a server path. Also note that
if you place this htaccess file in your root directory, it will password
protect your entire site, which probably isn't your exact goal.

The second to last line require user is where you
enter the username of those who you want to have access to that portion of
your site. Note that using this will allow only that specific user to be
able to access that directory. This applies if you had an htpasswd file
that had multiple users setup in it and you wanted each one to have access
to an individual directory. If you wanted the entire list of users to have
access to that directory, you would replace Require user xxx
with require valid-user.

The AuthName is the name of the area you want to
access. It could anything, such as "EnterPassword". You can change the
name of this 'realm' to whatever you want, within reason.

We are using AuthType Basic because we are using basic
HTTP authentication.